Bug report:data lost
Hi! I found a critical bug in GPG4win which may cause data loss. When I select several files with Chinese character names, right-click, select encrypt and/or sign, and do it, these files cannot be packaged and encrypted into a .tar.gpg archive. The data is lost, not packaged in the archive. That may cause data loss. The issue is that GPG doesn't support Chinese characters well. In the above case, if the files are named with English letters, there's no problem. The same thing happens when I select a folder which includes several files named with Chinese characters and right-click to encrypt or sign. This is very inconvenient.

Is that a problem? Thanks for solving it.

Best regards.
littlephoenix
2014-07-14

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to do
Please can you elaborate on how it is incorrect to say that somebody who knows the passphrase to a secret key can make changes to that key. Would this maybe be the case when using an encryption subkey with an offline main key?

If you make encryption and signing subkeys you can export them (i.e. the secret subkeys), create a new gnupg home directory, import the subkeys, change the password on them, and finally, export and distribute them to the people who are supposed to use them. By doing this you can have a person who manages the master key separately under another password and the authorized users can use the encryption and signing secret subkeys without being able to make changes to them

I think we are in danger of working with different concepts of what "not being able to" means.

On a first level, if you have read/write access to the key-file, it is just a file and you can do pretty much anything with it.

On a second level, proper cryptographic protection may prevent you from doing anything sensible with it, if you don't have access to the protecting secret (e.g. the GnuPG access passphrase).

On a third level you may know the secret access key but within the small world of a particular crypto tool (GnuPG in this case) you "cannot do". You may sit down and code it yourself, however. This third level of "cannot do" is usually disregarded by cryptographers and IT-security people, yet I think this is probably the kind of "cannot do" we are talking about here.

I have to admit I don't know much about the way the subkey structure is organized internally in OpenPGP, so if there is some true cryptographic protection of the subkey relationships, may someone who knows about it please tell me. If there were true cryptographic protection, it would have to work without a password. This might be very interesting crypto stuff then :-)

My gut feeling makes me believe this protection is impossible with cryptographically independent keys, however, and that you could always at least embed the exported subkey into a newly created parent key structure and newly design whatever sub/super-key structure you like around the exported key. So unless there is convincing cryptographic reasoning about why you cannot do something to the key you have the access password to, I would not rely on the "cannot do".

Regards,
Michael Anders
Re: Bug report:data lost
On 07/13/2014 10:42 PM, alittlephoenix wrote:
> Hi! I found a critical bug in GPG4win which may cause data loss. When I select several files with Chinese character names, right-click, select encrypt and/or sign, and do it, these files cannot be packaged and encrypted into a .tar.gpg archive. The data is lost, not packaged in the archive. That may cause data loss. The issue is that GPG doesn't support Chinese characters well. In the above case, if the files are named with English letters, there's no problem. The same thing happens when I select a folder which includes several files named with Chinese characters and right-click to encrypt or sign. This is very inconvenient.
>
> Is that a problem?

This does sound like a problem. It would be good to know if this is an issue with the gpg archiving mechanism, or something to do with the gpg4win graphical interface.

I don't have a windows machine handy, but I would like to try to replicate the problem on a unix-like platform. Can you give an example of filenames that get lost?

Also, have you tried using the command line tools to create the archive? I don't know what the command is called in gpg4win, but on unix the command would be:

    gpg-zip --encrypt --output test.tar.gpg -r WHOEVER FILE1 FILE2

(replace WHOEVER with the name of the recipient, and replace FILE1 and FILE2 with the filenames to be included in the archive)

hope this helps,

--dkg
email bot for PGP/MIME PGP/Inline conversion
Hello,

first I admit that this is not a GnuPG problem.

AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME yet. Wouldn't it be nice to have a mail service where you can send a PGP/MIME mail to and get it back in PGP/Inline format (or more general: in the other format)?

If the message is encrypted then there would not even be a privacy concern. Unencrypted mail could be forwarded (and sent back) encryptedly. The service provider could read it though.

If such services become established (of course, after so much time the smartphone apps should finally be fixed...) then the mail providers could offer this service themselves. They already know the mail content anyway.

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
Re: email bot for PGP/MIME PGP/Inline conversion
On 07/14/2014 05:44 PM, Hauke Laging wrote:
> Hello,
>
> first I admit that this is not a GnuPG problem.
>
> AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME yet. Wouldn't it be nice to have a mail service where you can send a PGP/MIME mail to and get it back in PGP/Inline format (or more general: in the other format)?
>
> If the message is encrypted then there would not even be a privacy concern. Unencrypted mail could be forwarded (and sent back) encryptedly. The service provider could read it though.
>
> If such services become established (of course, after so much time the smartphone apps should finally be fixed...) then the mail providers could offer this service themselves. They already know the mail content anyway.

Unfortunately this won't work. You cannot convert a PGP/MIME message into a PGP/INLINE message and vice versa. With a PGP/MIME message, the complete MIME structure is signed and/or encrypted. This includes attachments etc. With PGP/INLINE every individual MIME part is signed and/or encrypted.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
Re: email bot for PGP/MIME PGP/Inline conversion
On Mon 14.07.2014, 18:06:37, martijn.list wrote:
> Unfortunately this won't work.

...with emails which have an attachment.

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
Re: email bot for PGP/MIME PGP/Inline conversion
On 07/14/2014 09:06 AM, martijn.list wrote:
> Unfortunately this won't work. You cannot convert a PGP/MIME message into a PGP/INLINE message and vice versa. With a PGP/MIME message, the complete MIME structure is signed and/or encrypted. This includes attachments etc.

In the absence of attachments, I'm fairly certain you're wrong about that. I've written a script to verify the signature of PGP/MIME messages, and the signature is over the message itself (again, in the absence of attachments). It should be fairly simple to take that script and output the message body with a synthesized inline signature.

Attachments add a lot of complexity, but even there it should be doable, just a SMOP.

The thing that would trip you up are message types that can only be successfully signed with PGP/MIME, like HTML, and certain character encodings. So you could never have a completely successful solution, but you could probably get to 80% or so with a minimum of difficulty.

hth,

Doug
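The extraction step any PGP/MIME verification script needs, as an added example (it is not Doug's script or code from any project named in the thread). RFC 3156 defines the signed data of a multipart/signed message as the first body part, MIME headers included, with CRLF line endings; the function name, the sample message and the placeholder signature below are constructed for illustration.

```python
import email
from email import policy
from typing import NamedTuple

# Constructed sample; the armored block is a placeholder, not a real signature.
SAMPLE_MESSAGE = (
    b"From: alice@example.invalid\n"
    b"Subject: test\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b' protocol="application/pgp-signature"; boundary="b1"\n'
    b"\n"
    b"--b1\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Crypto f=C3=BCr alle\n"
    b"\n"
    b"--b1\n"
    b'Content-Type: application/pgp-signature; name="signature.asc"\n'
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"PLACEHOLDER\n"
    b"-----END PGP SIGNATURE-----\n"
    b"--b1--\n"
)

class SignedParts(NamedTuple):
    signed_octets: bytes  # exactly the bytes the detached signature covers
    signature: str        # armored signature taken from the second part
    display_text: str     # decoded text a mail client would show

def split_pgp_mime_signed(raw: bytes) -> SignedParts:
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/signed"
            or msg.get_param("protocol") != "application/pgp-signature"):
        raise ValueError("not an RFC 3156 multipart/signed message")
    boundary = msg.get_boundary()
    if not boundary:
        raise ValueError("multipart/signed without a boundary parameter")
    # The signature is computed over CRLF line endings, however the mail is stored.
    data = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    # RFC 2046: the CRLF in front of "--boundary" belongs to the delimiter.
    # Splitting the raw bytes (not re-serialising) keeps the part byte-exact.
    chunks = data.split(b"\r\n--" + boundary.encode("ascii"))
    if len(chunks) != 4 or not chunks[3].startswith(b"--"):
        raise ValueError("expected exactly two parts and a closing delimiter")
    if not (chunks[1].startswith(b"\r\n") and chunks[2].startswith(b"\r\n")):
        raise ValueError("malformed delimiter line")
    signed_octets = chunks[1][2:]
    sig_part = email.message_from_bytes(chunks[2][2:], policy=policy.default)
    if sig_part.get_content_type() != "application/pgp-signature":
        raise ValueError("second part is not application/pgp-signature")
    # Decode the first part the way a client would before displaying it.
    body = email.message_from_bytes(signed_octets, policy=policy.default)
    text_part = body.get_body(preferencelist=("plain",))
    display = text_part.get_content() if text_part is not None else ""
    return SignedParts(signed_octets, sig_part.get_content().decode("ascii"), display)
```

Writing `signed_octets` and `signature` to two files and running `gpg --verify signature.asc signed.bin` checks a real message. The signed octets here still carry the part's headers and the quoted-printable `f=C3=BCr`, while the displayed text is the decoded `für`, which is where the character-encoding cases mentioned above come from.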
Re: email bot for PGP/MIME PGP/Inline conversion
On 07/14/2014 06:18 PM, Doug Barton wrote:
> On 07/14/2014 09:06 AM, martijn.list wrote:
>> Unfortunately this won't work. You cannot convert a PGP/MIME message into a PGP/INLINE message and vice versa. With a PGP/MIME message, the complete MIME structure is signed and/or encrypted. This includes attachments etc.
>
> In the absence of attachments, I'm fairly certain you're wrong about that. I've written a script to verify the signature of PGP/MIME messages, and the signature is over the message itself (again, in the absence of attachments). It should be fairly simple to take that script and output the message body with a synthesized inline signature.

Yes, with a text-only message it should work. But if you have a multipart/alternative message (i.e., text and html part) you'll run into troubles.

> Attachments add a lot of complexity, but even there it should be doable, just a SMOP.

But how? You can of course show the complete MIME structure but that is not very informative I would think. Perhaps I'm missing something though.

> The thing that would trip you up are message types that can only be successfully signed with PGP/MIME, like HTML, and certain character encodings. So you could never have a completely successful solution, but you could probably get to 80% or so with a minimum of difficulty.

With "unfortunately won't work", I meant "won't work in the general case" :) Of course there will be cases where it will work. The problem is that since the original message is encrypted, you cannot know for sure for which message it will work and for which message it won't. But if someone is happy with 80% reliability then you might make people happy with such a service.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
Re: email bot for PGP/MIME PGP/Inline conversion
On 07/14/2014 09:33 AM, martijn.list wrote:
> The problem is that since the original message is encrypted

Signed is the common case, and I believe what the OP was asking about. Of course decrypting PGP/MIME is trivial, and then you're right back to what I wrote in the previous message about dealing with the parts.

Doug
gnupg - pgp reading signed files
Hello,

Due to a discussion on sci.crypt I tried to have pgp 2.6 accept a file signed by gnupg. This worked, but only when I set the compression to 0 (none). Doesn't pgp 2.6 use zip compression?

I have in gpg.conf:

    compress-algo 0
    cipher-algo IDEA
    digest-algo MD5
    s2k-cipher-algo IDEA
    s2k-digest-algo MD5
    rfc1991
    pgp2

    gpg --sign --armor file.txt

results in file.txt.asc. pgp 2 can interpret it just fine. I use gnupg 1.4.18 and pgp 2.6.3ia (compiled myself as 32 bit win32 commandline executable).

If I use another value for compress-algo pgp gives:

    ERROR: Nested data has unexpected format. CTB=0x90

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: email bot for PGP/MIME PGP/Inline conversion
Verify, strip, resign. Of course each person would have to configure their own trusted MTA. If it got compromised, it could either falsely verify inbound mail to them, or spoof outbound mail as them. Dependent on which function it was configured to perform.

On Jul 14, 2014 10:22 AM, martijn.list martijn.l...@gmail.com wrote:
> On 07/14/2014 06:18 PM, Doug Barton wrote:
>> On 07/14/2014 09:06 AM, martijn.list wrote:
>>> Unfortunately this won't work. You cannot convert a PGP/MIME message into a PGP/INLINE message and vice versa. With a PGP/MIME message, the complete MIME structure is signed and/or encrypted. This includes attachments etc.
>>
>> In the absence of attachments, I'm fairly certain you're wrong about that. I've written a script to verify the signature of PGP/MIME messages, and the signature is over the message itself (again, in the absence of attachments). It should be fairly simple to take that script and output the message body with a synthesized inline signature.
>
> Yes, with a text-only message it should work. But if you have a multipart/alternative message (i.e., text and html part) you'll run into troubles.
>
>> Attachments add a lot of complexity, but even there it should be doable, just a SMOP.
>
> But how? You can of course show the complete MIME structure but that is not very informative I would think. Perhaps I'm missing something though.
>
>> The thing that would trip you up are message types that can only be successfully signed with PGP/MIME, like HTML, and certain character encodings. So you could never have a completely successful solution, but you could probably get to 80% or so with a minimum of difficulty.
>
> With "unfortunately won't work", I meant "won't work in the general case" :) Of course there will be cases where it will work. The problem is that since the original message is encrypted, you cannot know for sure for which message it will work and for which message it won't. But if someone is happy with 80% reliability then you might make people happy with such a service.
>
> Kind regards,
>
> Martijn Brinkers
>
> --
> CipherMail email encryption
>
> Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging.
>
> http://www.ciphermail.com
>
> Twitter: http://twitter.com/CipherMail
Re: how to do
On 12/07/14 22:33, Michael Anders wrote:
> I think we are in danger of working with different concepts of what "not being able to" means.

The scenario painted is this:

The primary key is used for creating new UIDs and certifying other people's keys. The subkeys are used for signing data and messages, and for encryption.

The authorized people who can do decryption and signatures simply do not have access to the key material of the primary secret key; they have only been given the secret subkeys. They are cryptographically prevented from adding UIDs or certifying other people's keys because they only have the public key for the primary key. For example, in the case of RSA, there is no copy of the two large primes of the primary key on their computer; not even an encrypted copy. The data is simply absent.

> My gut feeling makes me believe this protection is impossible with cryptographically independent keys

The primary key and the subkeys are independent from a cryptographic standpoint; it is only by (signed) data that they are linked, not by math. This is precisely the reason why this works, so I suspect you've accidentally left out a negation in that sentence or put one in too many.

> and that you could always at least embed the exported subkey into a newly created parent key structure and newly design whatever sub/super-key structure you like around the exported key.

GnuPG uses a dummy-S2K for this purpose, which signals that what follows is not actually private key material, but an omission of that. It looks like this when using --list-packets:

    :secret key packet:
        version 4, algo 1, created 1331982780, expires 0
        skey[0]: [1024 bits]
        skey[1]: [17 bits]
        gnu-dummy S2K, algo: 3, SHA1 protection, hash: 2
        protect IV:
        keyid: 98B67DE4DCDFDFA4
    :user ID packet: Test Teststra (Koning van Wezel) test@example.invalid
    :signature packet: algo 1, keyid 98B67DE4DCDFDFA4
        version 4, created 1405363401, md5len 0, sigclass 0x13
    [...]
    :secret sub key packet:
        version 4, algo 1, created 1331982780, expires 0
        skey[0]: [1024 bits]
        skey[1]: [17 bits]
        iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 263ca1c908ec3b00
        protect count: 1966080 (174)
        protect IV:  ad 80 21 8a a8 71 0f 7a
        encrypted stuff follows
        keyid: 211601B877A3395A
    :signature packet: algo 1, keyid 98B67DE4DCDFDFA4
        version 4, created 1331982780, md5len 0, sigclass 0x18
    [...]

Note how for the subkey it says "encrypted stuff follows" whereas for the primary key it just says dummy. skey[0] and skey[1] are, in spite of their names, public key components which correspond to pkey[0] and pkey[1] in public key packets.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://digitalbrains.com/2012/openpgp-key-peter
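A check built on the two markers pointed out in the message above, as an added example (not GnuPG code and not from the thread): it reads `--list-packets` text and reports, per secret key packet, whether the secret material is a gnu-dummy stub or is present in encrypted form. The function names are hypothetical, the listing is the one from the message with signature packets trimmed, and it assumes the output layout shown there.

```python
import re

# Listing copied from the message above (signature packets trimmed).
SAMPLE_LISTING = """\
:secret key packet:
    version 4, algo 1, created 1331982780, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-dummy S2K, algo: 3, SHA1 protection, hash: 2
    protect IV:
    keyid: 98B67DE4DCDFDFA4
:user ID packet: Test Teststra (Koning van Wezel) test@example.invalid
:secret sub key packet:
    version 4, algo 1, created 1331982780, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 263ca1c908ec3b00
    protect count: 1966080 (174)
    protect IV:  ad 80 21 8a a8 71 0f 7a
    encrypted stuff follows
    keyid: 211601B877A3395A
"""

SECRET_HEADER = re.compile(r"^:(secret key|secret sub key) packet:")

def classify_secret_packets(listing):
    """Return one dict per secret (sub)key packet: kind, keyid, material."""
    packets, current = [], None
    for raw_line in listing.splitlines():
        line = raw_line.strip()
        if line.startswith(":"):
            # Any packet header closes the packet we were reading.
            match = SECRET_HEADER.match(line)
            current = None
            if match:
                kind = "primary" if match.group(1) == "secret key" else "subkey"
                current = {"kind": kind, "keyid": None, "material": "unknown"}
                packets.append(current)
        elif current is not None:
            if line.startswith("gnu-dummy S2K"):
                current["material"] = "absent"      # stub: no secret numbers stored
            elif line == "encrypted stuff follows":
                current["material"] = "encrypted"   # present, passphrase-protected
            elif line.startswith("keyid:"):
                current["keyid"] = line.split(":", 1)[1].strip()
    return packets

def primary_secret_is_absent(listing):
    """True only if every primary key packet is a gnu-dummy stub.

    Fails closed: an empty listing or an unrecognised protection line
    is reported as "not absent".
    """
    primaries = [p for p in classify_secret_packets(listing)
                 if p["kind"] == "primary"]
    return bool(primaries) and all(p["material"] == "absent" for p in primaries)
```

Run against the listing of a keyring before handing it to the subkey users, `primary_secret_is_absent` returning False means the primary secret key is still in the file being distributed, or the listing was not understood.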
Re: email bot for PGP/MIME PGP/Inline conversion
On 07/14/2014 10:49 AM, Schlacta, Christ wrote:
> Verify, strip, resign.

That would be exactly the wrong way to do it. The only reasonably secure way, and the only way anyone knowledgeable about cryptography would accept, is to synthesize an inline message which contained the original signature.

Your points about the bot becoming compromised are exactly why not to do what you suggested.

Doug
Re: email bot for PGP/MIME PGP/Inline conversion
> Message: 7
> Date: Mon, 14 Jul 2014 17:44:19 +0200
> From: Hauke Laging mailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> Subject: email bot for PGP/MIME PGP/Inline conversion
> Message-ID: 1941784.HI3FAsm8DL@inno
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> first I admit that this is not a GnuPG problem.
>
> AFAIK the smartphone OpenPGP clients are incapable of handling PGP/MIME yet. Wouldn't it be nice to have a mail service where you can send a PGP/MIME mail to and get it back in PGP/Inline format (or more general: in the other format)?
>
> If the message is encrypted then there would not even be a privacy concern. Unencrypted mail could be forwarded (and sent back) encryptedly. The service provider could read it though.
>
> If such services become established (of course, after so much time the smartphone apps should finally be fixed...) then the mail providers could offer this service themselves. They already know the mail content anyway.
>
> Hauke

There is a mail program supporting pgp messages. It's K9-Mail with APG encryption software. It supports PGP/MIME message format. Whenever a PGP encrypted message is detected, it calls APG to do the cryptographic tasks and view the decrypted message.

Of course, there is no way to convert PGP/MIME to inline PGP because this will break the PGP signature validity. I recommend to leave the smartphone as is and do the encrypted mails on a pc.
AW: [Announce] GnuPG 1.4.18 released
Hello,

WinPT works also with GnuPG 1.4.18 very well. But occasionally WinPT reacts to a faulty configuration of GnuPG with a cold, however.

Regards
Sebastian

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of Reinhard Irmer
Sent: Tuesday, 1 July 2014 13:58
To: gnupg-users@gnupg.org
Cc: gnupg...@gnupg.org
Subject: AW: [Announce] GnuPG 1.4.18 released

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of Werner Koch
> Sent: Monday, 30 June 2014 20:37
> To: gnupg-annou...@gnupg.org; info-...@gnu.org
> Subject: [Announce] GnuPG 1.4.18 released
>
> Hello!

Hello Werner,

> We are pleased to announce the availability of a new stable GnuPG-1 release: Version 1.4.18.

Installing gnupg-w32cli-1.4.18.exe on winXP works, but starting wpt.exe after installation, the monitor shows "Schlüsselcache internal error". Then a right-click on wptbutton/über(about) in the quickstart list shows the right version numbers of wpt and gnupg. But clicking "Schlüsselverwaltung", a bug message arrives like this. Look here: http://666kb.com/i/cpp0j83n5s33h1doq.jpg

I restarted the system but no solution. So I went back to 1.4.17 :-(

--
regards
Reinhard
--- on OUTLOOK 2007 ---